From b74ec483939d32acfa0b364304dbae2c655530ee Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Thu, 13 Oct 2022 18:19:18 +0800 Subject: [PATCH 1/2] =?UTF-8?q?refacotr:=20=E6=8B=86=E5=88=86=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E6=A8=A1=E5=9D=97=E7=9A=84=E7=9B=AE=E5=BD=95=E7=BB=93?= =?UTF-8?q?=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/models/__init__.py | 1 + apps/perms/models/asset_permission.py | 46 ++----------------------- apps/perms/models/const.py | 48 +++++++++++++++++++++++++++ apps/perms/tests.py | 3 -- apps/perms/utils/permission.py | 4 +++ 5 files changed, 56 insertions(+), 46 deletions(-) create mode 100644 apps/perms/models/const.py diff --git a/apps/perms/models/__init__.py b/apps/perms/models/__init__.py index 0c7e25c70..9cb0efc76 100644 --- a/apps/perms/models/__init__.py +++ b/apps/perms/models/__init__.py @@ -2,3 +2,4 @@ # from .asset_permission import * +from .const import * diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index 9d444268f..91b894105 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py @@ -11,7 +11,8 @@ from assets.models import Asset, Node, FamilyMixin, Account from orgs.mixins.models import OrgModelMixin from orgs.mixins.models import OrgManager from common.utils import lazyproperty, date_expired_default -from common.db.models import BaseCreateUpdateModel, BitOperationChoice, UnionQuerySet +from common.db.models import BaseCreateUpdateModel, UnionQuerySet +from .const import Action, SpecialAccount __all__ = [ 'AssetPermission', 'PermNode', 
@@ -23,44 +24,6 @@ __all__ = [ logger = logging.getLogger(__name__) -class Action(BitOperationChoice): - ALL = 0xff - CONNECT = 0b1 - UPLOAD = 0b1 << 1 - DOWNLOAD = 0b1 << 2 - CLIPBOARD_COPY = 0b1 << 3 - CLIPBOARD_PASTE = 0b1 << 4 - UPDOWNLOAD = UPLOAD | DOWNLOAD - CLIPBOARD_COPY_PASTE = CLIPBOARD_COPY | CLIPBOARD_PASTE - - DB_CHOICES = ( - (ALL, _('All')), - (CONNECT, _('Connect')), - (UPLOAD, _('Upload file')), - (DOWNLOAD, _('Download file')), - (UPDOWNLOAD, _("Upload download")), - (CLIPBOARD_COPY, _('Clipboard copy')), - (CLIPBOARD_PASTE, _('Clipboard paste')), - (CLIPBOARD_COPY_PASTE, _('Clipboard copy paste')) - ) - - NAME_MAP = { - ALL: "all", - CONNECT: "connect", - UPLOAD: "upload_file", - DOWNLOAD: "download_file", - UPDOWNLOAD: "updownload", - CLIPBOARD_COPY: 'clipboard_copy', - CLIPBOARD_PASTE: 'clipboard_paste', - CLIPBOARD_COPY_PASTE: 'clipboard_copy_paste' - } - - NAME_MAP_REVERSE = {v: k for k, v in NAME_MAP.items()} - CHOICES = [] - for i, j in DB_CHOICES: - CHOICES.append((NAME_MAP[i], j)) - - class AssetPermissionQuerySet(models.QuerySet): def active(self): return self.filter(is_active=True) @@ -79,7 +42,7 @@ class AssetPermissionQuerySet(models.QuerySet): def filter_by_accounts(self, accounts): q = Q(accounts__contains=list(accounts)) | \ - Q(accounts__contains=AssetPermission.SpecialAccount.ALL.value) + Q(accounts__contains=SpecialAccount.ALL.value) return self.filter(q) @@ -89,9 +52,6 @@ class AssetPermissionManager(OrgManager): class AssetPermission(OrgModelMixin): - class SpecialAccount(models.TextChoices): - ALL = '@ALL', 'All' - id = models.UUIDField(default=uuid.uuid4, primary_key=True) name = models.CharField(max_length=128, verbose_name=_('Name')) users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"), diff --git a/apps/perms/models/const.py b/apps/perms/models/const.py new file mode 100644 index 000000000..6128418b0 --- /dev/null +++ b/apps/perms/models/const.py 
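Review bot: `AssetPermission.SpecialAccount` stops existing after this patch, but the only reference updated is the one in `filter_by_accounts` (`Q(accounts__contains=SpecialAccount.ALL.value)`). The nested class is deleted in the `@@ -89,9 +52,6 @@` hunk of the same file, so any caller outside this diff that still writes `AssetPermission.SpecialAccount.ALL` will raise AttributeError the first time that path runs. Whether such callers exist cannot be seen from here. Either confirm with a repository-wide search that none remain, or keep a class-level alias for one release, e.g. `SpecialAccount = SpecialAccount  # deprecated alias, use perms.models.const` inside `AssetPermission`. The body of `filter_by_accounts` starts outside the hunk.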
@@ -0,0 +1,48 @@ +from django.db import models +from django.utils.translation import ugettext_lazy as _ +from common.db.models import BitOperationChoice + + +__all__ = ['Action', 'SpecialAccount'] + + +class Action(BitOperationChoice): + ALL = 0xff + CONNECT = 0b1 + UPLOAD = 0b1 << 1 + DOWNLOAD = 0b1 << 2 + CLIPBOARD_COPY = 0b1 << 3 + CLIPBOARD_PASTE = 0b1 << 4 + UPDOWNLOAD = UPLOAD | DOWNLOAD + CLIPBOARD_COPY_PASTE = CLIPBOARD_COPY | CLIPBOARD_PASTE + + DB_CHOICES = ( + (ALL, _('All')), + (CONNECT, _('Connect')), + (UPLOAD, _('Upload file')), + (DOWNLOAD, _('Download file')), + (UPDOWNLOAD, _("Upload download")), + (CLIPBOARD_COPY, _('Clipboard copy')), + (CLIPBOARD_PASTE, _('Clipboard paste')), + (CLIPBOARD_COPY_PASTE, _('Clipboard copy paste')) + ) + + NAME_MAP = { + ALL: "all", + CONNECT: "connect", + UPLOAD: "upload_file", + DOWNLOAD: "download_file", + UPDOWNLOAD: "updownload", + CLIPBOARD_COPY: 'clipboard_copy', + CLIPBOARD_PASTE: 'clipboard_paste', + CLIPBOARD_COPY_PASTE: 'clipboard_copy_paste' + } + + NAME_MAP_REVERSE = {v: k for k, v in NAME_MAP.items()} + CHOICES = [] + for i, j in DB_CHOICES: + CHOICES.append((NAME_MAP[i], j)) + + +class SpecialAccount(models.TextChoices): + ALL = '@ALL', 'All' diff --git a/apps/perms/tests.py b/apps/perms/tests.py index 344266b19..e69de29bb 100644 --- a/apps/perms/tests.py +++ b/apps/perms/tests.py @@ -1,3 +0,0 @@ -from django.test import TestCase - -from django.contrib.sessions.backends import file, db, cache diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 71bc2f07e..908c6016f 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -11,6 +11,10 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids logger = get_logger(__file__) +class AssetPermissionUtil(object): + pass + + def validate_permission(user, asset, account, action='connect'): asset_perm_ids = get_user_all_asset_perm_ids(user) 
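Review bot: `ALL = 0xff` in the new `const.py` sets bits 5–7, which none of the named actions use, and nothing in the file says whether that is intentional. If `BitOperationChoice` tests membership with a plain bitwise AND (its implementation is not in this diff), every permission already stored with `ALL` would be granted any action later assigned to one of those bits. `ALL` is also the default for `AssetPermission.actions` (`default=Action.ALL`), so this covers most rows. Since the class is being moved into its own module, this is a good place to record the decision, e.g. `# ALL intentionally covers the unassigned bits 5-7: new actions are granted to existing ALL permissions.` If that is not the intent, define `ALL` as the OR of the named flags instead.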
From 0f8668fee9d198831fd9a5a4b61d7c1a45d20c70 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Thu, 13 Oct 2022 20:14:04 +0800 Subject: [PATCH 2/2] =?UTF-8?q?refactor:=20=E5=88=A0=E9=99=A4=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83Model=E4=B8=AD=E4=B8=8D=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E7=9A=84=E6=96=B9=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/models/asset_permission.py | 88 +++++++++++---------------- apps/perms/utils/permission.py | 13 ++-- 2 files changed, 46 insertions(+), 55 deletions(-) diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index 91b894105..7f6bf02ef 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py 
@@ -54,27 +54,30 @@ class AssetPermissionManager(OrgManager): class AssetPermission(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) name = models.CharField(max_length=128, verbose_name=_('Name')) - users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"), - related_name='%(class)ss') - user_groups = models.ManyToManyField('users.UserGroup', blank=True, - verbose_name=_("User group"), related_name='%(class)ss') - assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions', - blank=True, verbose_name=_("Asset")) - nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True, - verbose_name=_("Nodes")) - # 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制) - # 特殊的账号描述 - # ['@ALL',] - # 指定账号授权 - # ['web', 'root',] + users = models.ManyToManyField( + 'users.User', related_name='%(class)ss', blank=True, verbose_name=_("User") + ) + user_groups = models.ManyToManyField( + 'users.UserGroup', related_name='%(class)ss', blank=True, verbose_name=_("User group") + ) + assets = models.ManyToManyField( + 'assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset") + ) + nodes = models.ManyToManyField( + 'assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes") + ) + # 特殊的账号: @ALL, @INPUT @USER 默认包含,将来在全局设置中进行控制. 
accounts = models.JSONField(default=list, verbose_name=_("Accounts")) - actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL, - verbose_name=_("Actions")) + actions = models.IntegerField( + choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions") + ) is_active = models.BooleanField(default=True, verbose_name=_('Active')) - date_start = models.DateTimeField(default=timezone.now, db_index=True, - verbose_name=_("Date start")) - date_expired = models.DateTimeField(default=date_expired_default, db_index=True, - verbose_name=_('Date expired')) + date_start = models.DateTimeField( + default=timezone.now, db_index=True, verbose_name=_("Date start") + ) + date_expired = models.DateTimeField( + default=date_expired_default, db_index=True, verbose_name=_('Date expired') + ) created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by')) date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created')) from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket')) @@ -91,10 +94,6 @@ class AssetPermission(OrgModelMixin): def __str__(self): return self.name - @property - def id_str(self): - return str(self.id) - @property def is_expired(self): if self.date_expired > timezone.now() > self.date_start: @@ -107,15 +106,6 @@ class AssetPermission(OrgModelMixin): return True return False - @property - def all_users(self): - from users.models import User - users_query = self._meta.get_field('users').related_query_name() - user_groups_query = self._meta.get_field('user_groups').related_query_name() - users_q = Q(**{f'{users_query}': self}) - user_groups_q = Q(**{f'groups__{user_groups_query}': self}) - return User.objects.filter(users_q | user_groups_q).distinct() - def get_all_users(self): from users.models import User user_ids = self.users.all().values_list('id', flat=True) 
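Review bot: The condensed comment above `accounts` drops the two examples of the stored format (`['@ALL',]` for the special value, `['web', 'root',]` for explicit accounts). As I read it, it also now lists `@ALL` alongside `@INPUT`/`@USER` as "included by default", whereas the old text said only `@ALL` is stored and the other two are implied. The field is a `JSONField(default=list)` with no validator, so this comment is the only description of what a valid value looks like and of what an empty list means. I would keep the examples and name the constant, e.g. `# JSON list of account names, e.g. ['web', 'root']; ['@ALL'] (SpecialAccount.ALL) grants every account. @INPUT/@USER are implied and not stored.`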
@@ -127,6 +117,21 @@ class AssetPermission(OrgModelMixin): qs = UnionQuerySet(qs1, qs2) return qs + def get_all_assets(self, flat=False): + from assets.models import Node + nodes_keys = self.nodes.all().values_list('key', flat=True) + asset_ids = set(self.assets.all().values_list('id', flat=True)) + nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys) + asset_ids.update(nodes_asset_ids) + if flat: + return asset_ids + assets = Asset.objects.filter(id__in=asset_ids) + return assets + + def get_all_accounts(self): + """ TODO: 获取所有账号 (Account 对象) """ + pass + @lazyproperty def users_amount(self): return self.users.count() @@ -143,25 +148,6 @@ class AssetPermission(OrgModelMixin): def nodes_amount(self): return self.nodes.count() - @classmethod - def get_queryset_with_prefetch(cls): - return cls.objects.all().valid().prefetch_related( - models.Prefetch('nodes', queryset=Node.objects.all().only('key')), - models.Prefetch('assets', queryset=Asset.objects.all().only('id')), - ).order_by() - - def get_all_assets(self, flat=False): - from assets.models import Node - nodes_keys = self.nodes.all().values_list('key', flat=True) - asset_ids = set(self.assets.all().values_list('id', flat=True)) - nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys) - asset_ids.update(nodes_asset_ids) - if flat: - return asset_ids - else: - assets = Asset.objects.filter(id__in=asset_ids) - return assets - def users_display(self): names = [user.username for user in self.users.all()] return names diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 908c6016f..8b9067613 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -11,10 +11,6 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids logger = get_logger(__file__) -class AssetPermissionUtil(object): - pass - - def validate_permission(user, asset, account, action='connect'): asset_perm_ids = get_user_all_asset_perm_ids(user) 
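Review bot: `get_all_accounts` is added with a body of `pass`, so it returns None rather than signalling that it is unimplemented. A caller that iterates or filters the result will fail later with an unrelated TypeError, and a caller that only truth-tests it will treat the permission as granting no accounts. Make the stub explicit with `raise NotImplementedError('AssetPermission.get_all_accounts')`. The same applies to `get_permed_accounts` and `get_related_permissions` added to `AssetPermissionUtil` in `apps/perms/utils/permission.py` (the `@@ -93,3 +89,12 @@` hunk). Separately, the function-level `from assets.models import Node` in the relocated `get_all_assets` looks redundant, because the module already imports `Node` from `assets.models` at the top.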
@@ -93,3 +89,12 @@ def has_asset_system_permission(user: User, asset: Asset, account: str): if actions: return True return False + + +class AssetPermissionUtil(object): + + def get_permed_accounts(self, user=None, asset=None): + pass + + def get_related_permissions(self, user=None, asset=None): + pass
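Review bot: `get_permed_accounts(self, user=None, asset=None)` and `get_related_permissions(self, user=None, asset=None)` make both arguments optional without saying what an omitted `user` or `asset` means. In an authorization helper that contract should be fixed before the bodies are written. If None ends up meaning "no filter", a caller that passes an unset user would receive accounts or permissions for every user. I would make the parameters required, or state the rule in a docstring such as `"""Return permissions matching user and asset; a None argument is rejected, never treated as a wildcard."""`. Neither method uses instance state yet, so it is also worth deciding whether the class should hold `user`/`asset` itself rather than take them on each call.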